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ABSTRACT THE DISCLOfURE 

A method and system are provided for restricting the use of a vehicle such as an 
5 automobile to a person or persons whose fingerprints match biometric data stored within a 
memoiy in the vehicle's control system. A user's digitized fingerprints are stored in a non- 
volatile permanent ROM in the BIOS of a microcontroUer on in a ROM accessed by a 
microprocessor. The microprocessor's primary task is that of executing instructions 
rdatcd to the operation of the vehicle, such as regulating the fiid flow rate, and 

10 performing other such tasks. Before the microprocessor can execute its instructions 

related to its primary task, it must complete and exit a conditional loop of instructions that 
relate to validating a user's **rcal-input'' biometric data. Real scanned fingerprints must be 
compared with fingerprint(s) stored in ROM. If the resuk of the compare is a true. i.e. is a 
match, then the conditional loop is satisfied and the microprocessor can execute its 

1 5 instructions relating to operating the vehicle. 



IS 



^SCOCID: <CA 21S6236A1 I > 



2156236 

BIOMETRICALLY SECURED CONTROL SYSTEM FOR PREVENTING THE 
UNAUTHORIZED USE OP A VEHICLE 

Field of the Invention 

5 . ■ 

This invention relates to secure control systems and more particulariy to a system 
and method for acquiring use of a device dependent upon biometric related input. 

Baclcsround of the Invention 

10 

The use of security systons is generally weD loiown. There use is becoming even 
greater with increased availability of digital electronic components at a relatively low cost. 
Such systems are known for securing buildings, banks, automobiles, computers and many 
other devices. For example, U.S. Pat. No. 4,9SI,249 discloses a computer security system 

15 which protects computer software from unauthorized access by requiring the user to 

supply a name and a password during the operating system loading procedure ("boot-up") 
of a personal computer (PC). Tins is accomplished by the insertion of a special card into 
an input/output expansion slot of the PC. During the loading of the operating system of 
the PC, the basic input^output system (BIOS) scans memory addresses of the card for an 

20 identification code, consisting of a 55AA hex code. When this hex code is located, the 
BIOS fnstructions are vectored to the address Vfhere the target hex code resides and 
instructions at the following address are executed as part of the initialization routines of 
the system boot -up procedure. 

25 This PC security system, utilizing a password board, is typical of many systems 

that arc currently available. Password boards require a user's nai.ne and a password 
associated with that user's ruune. Only once a password board detects a valid user's name 
and password does it allow the PC to complete the boot-up routine. Though password 
boards may be useful in some instances, they are inadequate in many respects. 
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For example, an unauthorized skilled user with a correct password in hand, can 
gain entry to such a processor based system. Yet another undesirable feature of Uie 
foregoing system is that passwords on occasion are forgotten; and furthermore, and more 
importantly, passwords have been known to be decrypted. 

As of late one of the most ubiquitous Hectronic components is the distal 
processor Multi-purpose and dedicated processors of various types control devices 
ranging from bank machines, to cash rasters and automobiles. With ever increasing use 
of these processor based devices, there is greater coucem that unauthorized use will 
become more prevalent. Thus, the verification and/or authentication of authorized users of 
processor based systems is a burgeoiung industry. 

Alarms and security systems to warn of unauthorized use of automobiles and other 
processor controlled systems are available, however, these security systems have been 
known to be drcumvented. Furthermore, automobile alarms that sound, are often ignored 
by passers-by. Unfortunately, many commercially available solutions aimed at preventing 
theft or unauthorized use of automobiles have also been circumvented. 

Thus, it is an object of this invention to provide a method and relatively 
inexpensive system for preventing unauthorized use of a vehicle controlled by a processor 
based control system. 

Summary of the Inventioo 

The foregoing problems are solved by a method and apparatus for controlling 
access to a processor controlled device in which memory-resident software logic 
cooperates with an input device providing "rcal-input" biometric data to the processor's 

2 
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input port disabling the controlled device unless authorized user btometric data that 
corresponds to data stored in the processor's memory is provided to the processor. 
According to a departure in the art» memory resident software logic is executed by the 
device processor; the execution of a user verification loop is repeated until an authorized 
user biometric key is provided, thereby preventing the device processor from executing its 
normal fiuictions unless the result of a compare operation of "real-input'* biometric data 
with stored biometric data is true. The processor normally controlling vital functions of 
the automobile, such as fuel delivery is internally halted unless ""real-data" from an 
authorized user is provided. 

Operation of the memory-resident software logic is transparent to the user and to 
the control programs that ncnnally control the processor controlled device because it is 
installed as a boot-up routine when the device is switched-on. At this time, the logic 
continuously monitors a biometric input device, for example in the form of a fingerprint 
scanner, for **real" input data. 

Operation of the device remains suspended until the memory-resident logic 
detects authorized fingerprint data that compares positively with fingerprint data stored in 
the memory. 

Another advantage achieved with the invention is ready adaptability of the system 
to commercially available processor controlled vehicles. 

In accordance with the invention, a tnometrically secured control system is 
provided, for preventing an unauthorized use of a vehicle comprising: processor means 
for conyoUing functions normally associated with the operation of a device; memory 
mieans for storing biometrically related dau and for storing instructions related to 
controlling at least some normal operations of the device; 
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biometric data input means for providing "real-input" biomctrically related data to one of 
the memory means and the processor, and means for preventing the processor from, or 
allowing the process to, execute instructions related to controUii^ at least the functions 
normally associated with the operatioa of the device m dependence upon the state of a 
compare operation, after • comparison has been perfonned between "real-inpui-* and 
previously stored biometrically related data. 

Yet in accordance with another aspect of the invention a method is provided of 
validating a user of a vehicle and for allowing a control system of the device to be 
operable after vaUdation. Thu method comprises the steps of receiving a user's 
biometricaUy related data from an input device; comparing at least an aspect of the 
received biometrically related data with stored biometricaUy related data; preventing a 
processor from executing instructions normally related to the operation of Uie device when 
the compared dau mis-matches within predetennined Hmits; and. allowing the processor 
to execute instructions normaUy related to the operation of the device after the compared 
data matches, within predetermuied limiu. 

Brief Description of the Drswings 

Exemplary embodiments of the invention wiO now be described in conjunction 
with the drawings in which: 

Fig. I a block diagram of a security system in accordance with the invention shown 
having a microprocessor coupled to a fingerprint scanning device; 

Fig. 2 of a block ciia$raro of an alternative embodiment of a security system 
having a microcontroUer coupled to a fingerprint scanning device in accordance with this 
invention; 
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Fig. 3 is an illustration depicting the basic system operation, showing program 
segmentation; 

Fig. 4 is a block diagram of an alternative embodiment of a security system having 
user programmable features; and. 

Fig. 5 is a high-level flowchart depicting a part of a routine for validating a user 
and for operating a vehicle. 

DeUUed Description 

Fig. 1 illustrates a processor based system (PBS) 8 which is modified in 
accordance with the invention to prevent unauthorized usage of one or more devices 18 
related to the operation of a vehicle. For example block 18 shown in Fig. 1 may represent 
the fuel delivery system and/or the ABS braking system of a vehicle. The reference 
numeral 9 designates generally a system of the present invention for providing these 
controlled access and monitoring functions. The system 9 includes b'ometric data input 
means in the form of a fingerprint scanning device 10 and associated, electronic* 
proc^^ing circuitry 12 shown coupled to a microprocessor 14; memory means in the 
form of a read-only memory (ROM) 16 is conveniently logicaUy segmented into a first and 
second logical blocks 16a and 16b respecdvdy, the first of which is for storing BIOS and 
program instructions implementing logic rcMitines that in certain instances prevent a 
processor 14 from executing instructions normally associated with controlling the one or 
more devices 18. A second logical memory block 16b contains instructions that relate to 
the control and operation of the one or more devices 1 8. 

In the instance whei e this system is used to control operations related to a vehicle, 
in a normal, authorized, mode of operation, the processor 14 controls the vehicle's 
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ignition system, braking system, and fuel delivery system. A key-operated ignition switch 
17 is coupled to the processor to provide a signal for providing power to the processor 14 
and for invoking the BIOS start up sequence of instructions stored in boot-up portion 16a 
of the ROM 16. 

3 

Rererring now to Fip.. 2, an alternative embodiment is shown wherein a scanning 
device lO and associates cii . jitiy 12 is coupled to a microcontroller 14b having the BIOS 
stored within the microcontj oiler's internal memory 14c. External ROM 1 6c is coupled to 
the processor and is stored with instructions related to the control of one or more devices 
10 18. In this embodiment, tlie BIOS essentially conq>rises input/output routines, sanity 
checks, and more importantly, the set of piogram instructions implementing logic 
routines that in certain instance^ prevent the microcontrolla^ 14b from executing 
instructions normaUy associat-d with controlling the one or more devices 18 In practice, 
if the processor execution remains in a loop, in its verification sequence of instructions 
15 stored in the BIOS, fuel is not supplied to the vehicle. Since the fiiel injectors ai e 

electronically controlled by the processor, the vehicle is immobilized until the processor 
receives and verifies biometric input dau that corresponds to stored authorized user's 
data. 

Turning now to Fig. 3, a block dkgnun is shown of a portion of the basic pseudo 
code control program that is stored in ROM 16a for determining whether or not 
associated instructions that control the one or more devices 1 8 will be executed. It should 
be noted in this example, that the instructions are merely exemplary and each pseudo-code 
instruction may comprise several micro-instiuctions. Of course, the technical aspects of 
programming of such instructions is well known and within the capability of those skilled 
in the progran^^ming arts. In this example a first pseudo-code 'mstruction, GET 
FINGERPRINT, requires several micro-instructions to be performed in order to 
accomplish this task. However, the explanation of the invention becomes more clear using 

6 
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these high level pseudocode instructions. In this embodiment, a first (pseudo code) 
instruction at memory address 0001, GET FINGERPRINT is fetched and executed by the 
processor or microcontroller As a result of executing this instruction, the fingerprint 
device is polled for input. Whether or not a fingeiprint is available, input is received fi"om 
the £,.;anning device 10 and iti associated circuitry 12. A next instruction, COMPARE 
TEMPLATE, at memory adrress 0002 is fetched fi^om memory and executed. Essentially 
this pseudo-code instruction directs the processor to compare "real-input" data that has 
been electronically formattoJ into a standard digital representation, with an electronically 
stored fingerprint represcr;ed in a same format. If the result of the compare instruction is 
true, that is if the "real-input** data is determined to be the same, within a predetermined 
margin of error, as the stored fikigerprint data» the processor begins fetching instructions 
fi-orn the block of memory 16b associated with the normal operation of device 18. In the 
instance that the compare result is false, the processor 14 sets its instruction counter to 
0001, and loops to fetch instructions starting at address 0001; the processor remains in 
this loop comprising instructions at address 0001 through 0003 until the compare result is 
true. The optional key-switch 17 shown in Fig. 1 is provided to switch the processor and 
overall system on and off. 

in the embodiments shown heretofore, read only memory is provided. Thus, the 
elcctronicaUy stored ( compare template ) fingerprint, is permancnUy stored in the ROM 
16a, I6b, or in the BIOS portion of the memofy a* may be the case. 

However, in an alternative embodiment shown in Fig. 4. non-volatile read/write 
memory I6d is present to provide a more flexible and user programmable system 49. The 
system 49 is similar to that of 9 in Fig. 1 however tnchides an input/output device 42, in 
the form of a display tenninal coupled to the processor 14. In operation, once the 
verification loop comprising the instructions GET FINGERPRINT, COMPARE 
TFiMPLATE, is exited and verification has been made authenticating a user, the display 

7 
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terminal 42 becomes enabled. Instructions associated with the use of the display terminal 
in the form of a menu» are stored in the memory 16b and are presented to a user on the 
display terminal. Non- volatile read/write memory 16d is provided to store input 
information such as temporary users biometric input data. When the system is switched off 

5 and powered down by the switch 17, biometric data stored in the memory 1 6d will remain. 
A menu (a portion of which is shown in Fig. S) is provided on the display terminal 42 to 
allow a temporary user to be logged into the system for a predetermined pieriod of time, 
thereby allowing a temporary user to use the vehicle. Upon selecting this option, the 
temporary user is prompted to place a finger on the scannet 10 within x seconds so that 

10 'Veal-input" data can be acquired. The data is then stored in the memory 16d for a 

predetermined period of time. However, temporary users can only provide their "Yeal- 
input data to the system after a permanent user has successfully passed the verification 
loop of instructions. A real time clock 46 coupled to the processor presents the time of 
day to the processor i4a so that temporary user's biometric data can be eras:* ' \fter the 

15 expiration of its allotted time period. Alternatively, the menu provides an option for a 
temporary user to be deleted from the system. This embodiment can more readily be 
understood in conjunction with the flow chart of Fig. S. Upon power-up, the processor 
1 4a first checks the time of day and erases those entries from memory that have expired; 
(this is not shown in Rg. 5.) The processor then exeojtcs GET FINGERPRINT ai 50 and 

20 compares at 52 the real-input dau with all of its stored fingerprint data. Upon passing the 
verification loop, a menu is provided at 54; furthermore, the vehicle control functions are 
enabled at 56. ITie menu has a plurality of fimctions, only a few of which are illustrated at 
54. Menu option 1 for example invokes a routine to get a fingerprint of a temporary user 
and store it in 16d; (sec 54. 1 and 54. lb in Fig. 5a.) Other options may also be provided at 

25 54. For example, instructions can be selected by a permanent user after authentication has 
taken place, to limit or restrict a teinporary user's access to paiticular functions. For 
instance a permanent user may limit the fiicl flow rate to a predetermined maximum, thus 
essentially preventing the vehicle from exceeding a n;aximum speed. This option may be 
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selected, for example when a valet is given temporary use of the vehicle. Furthermore, 
instructions may be seiecte<? that pi event temporary users from utilizing the radio or other 
features and options. 

5 Alternatively, a permanent user may disable the system for a predetermined period 

of time to allow any users; (o utilize the system without regard to input data as long as the 
ignition key switch 17 is enabled. 

The system defined heretofore ensures Uiat the processor 14 will be prevented 
10 from executing instructions related to con'roinng devices associated with a system, unless 
a block of instructions related to verification and authentication of one or more users has 
been successfully executed and all required conditions are met. Expressed in a dilTerent 
way, the processor locks itself in a veiification loop, rejecting the execution of its normal 
routines, until a correct biometric key in the form of biometric data is presented to it. 

15 

In the examples shown heretofore, in accordance with the invention, a scheme 
having sequential instructions is shown for simplicity, however, pointers, flags, and 
semaphores can be utilized in a similar system wherein branching and jumping to non- 
sequential blocks of memory is performed. Thus, the verification loop need not be the first 
20 block of instructions executed, and similariy the control block of instructions need not be 
the second block of instructions executed, however the verification loop of instructions 
should be executed prior to executing the velucie control instructions as an authorization 
check to ensure that the vehicle control insHucdons should be executed. 

15 Advaritageously . having a same processor control access to a vehicle and the 

operation of the vehicle, provic-es a highly secure system. If in an unauthorized attempt to 
tamper with and use the vehicle the processor becomes damaged, it will then not provide 
its required fiinctions, for example, contFoUii^ the fiiel supply to the vehicle. If in an 
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authorized attempt to use the vehicle the processor and memory were replaced with 
another processor and memory, the replacement memory would have to be compatible 
with the processor and control devices and suitably programmed to control the required 
functions relating to the operation of a vehicle; this scenario is highly unlikely. 

Of course, numerous other features and embodiments may be envisaged without 
departing from the spirit and scope of the invention. 
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Cbims 

Wliat I claim is: 

5 

A biometrically secured control system for preventing an unauthorized use of a vehicle 
comprising: 

processor means for controlling functions normally associated with the operation of a 
10 device within a vehicle; 

memory means for storing biometrically related data and for storing instructions related to 
controlling at least some normal operations of the device; 

15 biometric data input means for providing ''real-inpuf ' biometrically related data to one of 
die memory means and the processor; and» 

means for prex^enting the processor from, and aBowing the process to. execute instructions 
related to controlling at least the functions normally associated with the operation of the 
20 vehicle in dependence upon the result of a compare operation, after a comparison has 
been performed between "real" and previously stored biometrically related data. 

2. A biometrically secured control system as defined in claim 1, wherein said means for 
25 prcventi- .c the processor from executing instructions tnchides a control sequence of 
instructions. 
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3. A biometricaUy secured control system as defined in claim 1 , wherein said biometric 
data input means comprises a fingerprint scanning input device. 

4. A biometricaUy secured control system as defined in claim 2, wherdn said control 

5 sequence of instnictions for preventing the processor from executing instructions indudes 
associated instructions for acquiring ''real-input" biometric dau for and determining if 
acquired "real-input" biometric data matches stored biometric data within predetennined 
limits. 

10 5. A biometricaUy secured control system as defiiied in claim 4. wherein the operation of 
the vehicle is prevented until a suitable match occurs between acquired "real" biometric 
related data, and stored biometric data. 

6. A biometricaUy secured control system as defined in claim 1, wherein the biometric data 
15 input means are provided to at least input biometric data of an authorized user to be 

stored in a memory for later comparison with "reaT uiput data. 

7. A biometricaUy secured control system as defined in claim 1, including an input terminal 
for programming the control system. 

20 

8. A biometricaUy secured control system as defined in daim 7. wherein the input terminal 
includes a key-pad and display means. 

9. A biometricaUy secured control system as defined in claim 8. wherein the normal 
25 operation of the input terminal is dependent upon a positive compare result after a 

compa-ison has been perfomied between "real-input" and stored biometricaUy rehited 
data. 
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10. A biometrically secured control system as defined in claim 8» including meanF. for 
allowing biometric data of a temporary user to be logged into the system for a . 
predetermined period of time. 

5 1 1. A method of validating a user of a vehicle and for aTowing a control system of the 
vehicle to be operable after said validation, compiislng the steps of: 

receiving a user's biometrically related data from an input device; 
comparing at least an aspect of the received biometrically related data with stored 
io biometrically related data; 

preventing a processor from executing instructions normally related to the operation of the 
vehicle when the compared data niis^matches within predetermined limits; and, 
allowing the processor to execute instructions normally related to the operation of the 
vehicle after the compared data matches, within predetermined limits. 

15 

12. A method as defined in claim 1 1, wherdn the preventing and allowing steps are 
performed by the processor in dependence upon the comparing step. 

1 3 A method as defined in claim 12» wherein the step of comparing the data is performed 
20 by logic circuitry within the processor. 

14. A method as defined in claim 11, fiirther comprising the step of providing a temporary 
authorized user's biometrically related data to a memoty for storage. 

25 1 5. A method as defined in claim 1 1 fiirther comprising the step of providing an 

authorized user's btometricaily related data to a memory for storage after the processor 
has been allowed to execute instructions normally related to the operation of the vehicle. 
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16. A method as defined in claim 14 or 15 further comprsing the step of providing a time 
interval to the processor relating to the aUotted time a temporary user may be validated to 
operate the vehicle. 

17. A method as defined in claim 15. further comprising the step of delcUng a temporaiy 
user's biomeuically related data fit>m the memory. 
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